Project

General

Profile

Actions

Bug #15597

closed

Update relayd dependencies to fix RUSTSEC-2019-0013

Added by Alexis Mousset over 5 years ago. Updated about 5 years ago.

Status:
Released
Priority:
N/A
Category:
Relay server or API
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:

Description

cd relayd && cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 34 security advisories (from /home/jenkins/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (273 crate dependencies)
error: Vulnerable crates found!

ID:     RUSTSEC-2019-0013
Crate:     spin
Version: 0.5.1
Date:     2019-08-27
URL:     https://github.com/mvdnes/spin-rs/issues/65
Title:     Wrong memory orderings in RwLock potentially violates mutual exclusion
Solution: upgrade to: >= 0.5.2
Actions #1

Updated by Alexis Mousset over 5 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #2

Updated by Alexis Mousset over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder/pull/2433
Actions #3

Updated by Alexis Mousset over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #4

Updated by Vincent MEMBRÉ about 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.0.0~beta1 which was released today.

Actions

Also available in: Atom PDF